--- - branch: MAIN date: Sun Jul 9 20:02:28 UTC 2017 files: - new: '1.81' old: '1.80' path: pkgsrc/graphics/GraphicsMagick/Makefile pathrev: pkgsrc/graphics/GraphicsMagick/Makefile@1.81 type: modified - new: '1.17' old: '1.16' path: pkgsrc/graphics/GraphicsMagick/Makefile.common pathrev: pkgsrc/graphics/GraphicsMagick/Makefile.common@1.17 type: modified - new: '1.25' old: '1.24' path: pkgsrc/graphics/GraphicsMagick/PLIST pathrev: pkgsrc/graphics/GraphicsMagick/PLIST@1.25 type: modified - new: '1.43' old: '1.42' path: pkgsrc/graphics/GraphicsMagick/distinfo pathrev: pkgsrc/graphics/GraphicsMagick/distinfo@1.43 type: modified - new: '1.31' old: '1.30' path: pkgsrc/graphics/p5-GraphicsMagick/Makefile pathrev: pkgsrc/graphics/p5-GraphicsMagick/Makefile@1.31 type: modified id: 20170709T200228Z.27e610c9e2a0ecc5f03f7c5a5106f37e3cf7eeb4 log: | 1.3.26: Security Fixes: --------------- DPX: Fix excessive use of memory (DOS issue) due to file header claiming large image dimensions but insufficient backing data. (CVE-2017-10799). JNG: Fix memory leak when reading invalid JNG image (CVE-2017-8350). MAT: Fix excessive use of memory (DOS issue) due to continuing processing with insufficient data and claimed large image size. Verify each file extent to make sure that it is within range of file size. (CVE-2017-10800). META: Fix heap overflow while parsing 8BIM chunk (CVE-2016-7800). PCX: Fix denial of service issue. RLE: Fix abnomally slow operation (denial of service issue) with intentionally corrupt colormapped file. PICT: Fix possible buffer overflow vulnerability given suitably truncated input file. PNG: Enforce spec requirement that the dimensions of the JPEG embedded in a JDAT chunk must match the JHDR dimensions (CVE-2016-9830). PNG: Avoid NULL dereference when MAGN chunk processing fails. SCT: Fix stack-buffer read overflow (underflow?) while reading SCT header. SGI: Fix denial of service issues. Delay large memory allocations until file header has fully passed sanity checks. TIFF: Fix out of bounds read when reading CMYKA TIFF which claims to have only 2 samples per pixel (CVE-2017-6335). TIFF: Fix out of bounds read when reading RGB TIFF which claims to have only 1 sample per pixel (CVE-2017-10794). WPG: Fix heap overflow (CVE-2016-7996). Fix assertion crash (CVE-2016-7997). Bug fixes: ---------- DifferenceImage(): Fix Fix all-black difference image if an input file is colormapped. EXIF orientation was not being properly detected for some files. -frame: The import command -frame handling was improperly implemented and was using already freed data. GIF: Fixes for "Excessive LZW string data" problem. Magick++: Bug fixes to PathSmoothCurvetoRel::operator() and PathSmoothCurvetoRel::operator(). PAM: Support writing GRAYSCALE PAM format. PNG: Fix memory leaks. SVG: Fixed a memory leak. Fixed a possible null pointer dereference. TclMagick: Problem that TkMagick could not resolve functions from TclMagick under Linux is fixed. TclMagick: Fix parser validatation in magickCmd() to avoid crash given a syntax error. TIFF: Fix for reading old JPEG files (avoids "Improper call to JPEG library in state 0. (LibJpeg)."). TXT: Fixed memory leak. XCF: Error checking is improved. New Features: ------------- EXIF rotation: Support is added such that the EXIF orientation tag is updated when the image is rotated. MAT: Now support reading multiple images from Matlab V4 format. Magick++: Orientation method now updates orientation in EXIF profile, if it exists. Magick++: Added Image attribute method which accepts a 'char *' argument, and will remove the attribute if the value argument is NULL. -orient: The -orient command line option now also updates the orientation in the EXIF profile, if it exists. PGX: Support PGX JPEG 2000 format for reading and writing (within the bounds of what JasPer supports). Wand API: Added MagickAutoOrientImage(), MagickGetImageOrientation(), MagickSetImageOrientation(), MagickRemoveImageOption(), and MagickClearException(). module: pkgsrc subject: 'CVS commit: pkgsrc/graphics' unixtime: '1499630548' user: adam